DETAILED ACTION
Continued Examination Under 37 CFR 1.114 

A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 6/1/06 
has been entered. 

Claim Objections 

Claim 25 is objected to because of the following informalities: lack of antecedent 
basis. Claim 25 references "the information portal logic of Claim 20," but Claim 20 
claims "computer implemented logic" and "web page logic". Claim 20 does not contain 
"information portal logic." Appropriate correction is required. 

Claim Rejections - 35 USC §112 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Claims 20 - 25 are rejected under 35 U.S.C. 112, second paragraph, as being
indefinite for failing to particularly point out and distinctly claim the subject matter which
applicant regards as the invention.

Claim 20 claims "web page logic, at the portal server, for [named function]".
However, Claim 20 does not claim that said logic is being executed by the portal server. 
Examiner suggests applicant incorporate claim language to the effect that said logic is 
being or will be implemented by the portal server rather than merely stating that said 
logic resides on the portal server. 

Without claim language to indicate that said logic is or will be implemented by a 
computer device, examiner believes that Claim 20 will run afoul of § 101. Without a
statement defining the structural and functional interrelationships between the computer 
program and other claimed elements of a computer which permit a computer program's 
functionality to be realized, Claim 20 will be considered a computer program and 
computer programs are per se not statutory. See § 2106 IV. S. f . (a). 

Furthermore, claim language "computer implemented logic, at the portal server, 
for [named function]" leaves it unclear whether the logic is being implemented by the 
portal server or whether the logic merely resides at the portal server but is actually 
implemented on another as yet undisclosed computer device. 

Claims 21 - 25 are rejected based upon their dependency to Claim 20. 



Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148
USPQ 459 (1966), that are applied for establishing a background for determining 
obviousness under 35 U.S.C. 103(a) are summarized as follows: 

1. Determining the scope and contents of the prior art.

2. Ascertaining the differences between the prior art and the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent art. 

4. Considering objective evidence present in the application indicating 
obviousness or nonobviousness. 

To ensure clarity and clear understanding of examiner's rationale for application 
of cited prior art, terminology contained within parentheses indicates quoted language 
contained within said cited prior art reference while unquoted language contained within 
parentheses indicates the general concept as conveyed by said cited prior art 
reference. Such parenthetical terminology is to be interpreted as "reading on" or being 
"mapped to" the claim language prior to such parenthetical inclusions. 

Claims 20 - 35 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Disclosed Prior Art (applicant's specification), Shea (Shea, Richard. L2TP: 
Implementation and Operation. Addison-Wesley Professional. Reading, MA. September 
24, 1999. p. 191), Rangan (US Patent 6,594,766), Vittal (US Patent 6,907,401),
Haverstock (US Patent 6,343,607), Chapman (Chapman, D. Brent & Zwicky, Elizabeth 
D. Building Internet Firewalls. O'Reilly & Associates. 1995. pp. 45 - 47) and Kyle (Kyle, 
Robert C. Property Management. Dearborn Real Estate Education. September 1, 1999.
pp. 50-51). 

Regarding Claims 20 - 25, Disclosed Prior Art discloses an information portal
system comprising: 

■ computer implemented logic, at a portal server, for authenticating a user 
attempting to log onto the portal server ("authenticates the user to the 
portal"), (see p. 2); 

■ the user-specific link for enabling the user to authenticate itself with the 
institution server based upon user-institution authentication data, the
authentication of the user with the institution server resulting in 
authorization of the system to receive user data from the institution, ("a 
path for user client to read and write authentication data to or from 
database, a path for user client to log onto FI server, a path for user client
to retrieve user data from FI server" - see p. 3);

■ computer implemented logic, at the portal server, for initiating 
establishment of a portal-institution interface ("the portal server connects 
to the financial institution server") for enabling the portal server to
authenticate itself with the institution server using authentication data 
("user authentication data"), and to receive the user data if the 
authentication of the user with the institution server was successful, (see 
p. 2); 

■ computer implemented logic, at the portal server, for performing on the 
user data an action ("gets the information it needs" and "processing to 
format the data") selected from a first set of actions, (see p. 2); 

■ wherein the institution is a financial institution, the user data is
financial transaction data, (see pp. 2 - 3); 

■ further comprising the server of the institution, the server of the institution 
comprising logic for retaining the user ID ("user authentication data") from 
the user-specific link and associating the user ID with a user account at 
the institution to which the user data pertains, (see p. 2); 

■ each of links operable to link the user with an institution at which the user 
maintains an account, and to provide the user an opportunity to 
authenticate with the respective linked institution and authorize delivery of 
user data at the institution the portal, (see p. 2); and 

■ wherein the logic is further operable to enable the user to authorize the 
institution server to deliver, to the portal server, user data regarding a 
plurality of user accounts at the institution, the authorization for each 
account based on user-institution authentication data corresponding to 
that account, (see p. 2). 

Disclosed Prior Art does not teach the underlined claim limitations - information 
portal system comprising: 

■ web page logic, at the portal server, for presenting to the user a user- 
specific link to an institution server, the user-specific link for enabling the
user to authenticate itself with the institution server based upon user- 
institution authentication data, the authentication of the user with the 
institution server resulting in authorization of the portal system to receive
user data from the institution; and 

■ computer implemented logic, at the portal server, for initiating 
establishment of a portal-institution interface for enabling the portal server 
to authenticate itself with the institution server using portal authentication 
data, and to receive the user data if the authentication of the user with the
institution server was successful. 

■ wherein the actions performed on the user data by the portal are actions 
selected from a second set of actions that is a subset of the first set of 
actions: 

■ wherein the first set of actions includes conducting a financial transaction 
and the second set of actions includes viewing user data but the second 
does not include conducting financial transactions: 

■ further comprising the server of the institution, the server of the institution 
comprising logic for retaining the user portal ID from the user-specific link 
and associating the user portal ID with a user account at the institution to
which the user data pertains; 

■ wherein the user-specific link is one of a plurality of user-specific links,
each of the plurality of user-specific
links operable to link the user with an institution at which the user 
maintains an account, and to provide the user an opportunity to 
authenticate with the respective linked institution and authorize delivery of
user data at the institution the portal;

■ wherein the user-specific link presented to the user by the web page logic
is further operable to enable the user to authorize the institution server to 
deliver, to the portal server, user data regarding a plurality of user 
accounts at the institution, the authorization for each account based on 
user-institution authentication data corresponding to that account.

Utilization of web page logic, at a portal server, for presentation to the user of a
user-specific link and/or a plurality of user-specific links to other servers is old and well 
known in the art of information technology, as evidenced by Rangan which states that 
the portal presents a "personalized page having listed plural Internet destinations 
enabled by hyperlinks" (see abstract). It would have been obvious to one of ordinary 
skill in the art at the time the invention was made to have modified Disclosed Prior Art to 
present the user with a personalized link and/or links to other servers, as disclosed by 
Rangan, as personalized presentation of information would allow for the filtering out of 
irrelevant and/or unwanted information. 

Authentication of an entity, person and/or device, at the time of connection to a 
system and prior to providing access to resources of said system is old and well known 
in the art of computer security, as evidenced by Shea which states "Connection 
authentication refers to the act of authenticating an entity when a connection is first 
made." It would have been obvious at the time the invention was made to have modified 
Disclosed Prior Art and Rangan to incorporate the ability for the institution to 
authenticate a connecting entity, as disclosed by Shea, in general, and by Disclosed
Prior Art, utilizing user authentication data, to ensure said connecting entity, regardless 
of its nature, has valid authorization to access said system. 

The ability for an online information source to authorize portal servers ("online 
aggregators") access, to utilize portal authentication data ("a trusted URL" or "partner 
certificate") to allow a portal server access and to control the data and/or transactions 
("allowing the [information source] to set the portal switch to specify transfer 
parameters, services and data") transmitted to the portal server were known at the time 
of the invention as evidenced by Vittal. (see abstract; col. 6, lines 37 - 50; col. 10, lines 
63 - col. 12, line 54). It would have been obvious to one of ordinary skill in the art at the 
time the invention was made to have modified Disclosed Prior Art, Rangan and Shea to 
incorporate the ability of servers to authorize and authenticate portal servers, as well as 
control the access privileges of portal servers, to provide security to information access 
and/or transmission. 

Providing different users of a system with different levels of access and allowing 
them different subsets of actions on the system, such as through a least privilege 
designation or through role-based security, is old and well known in the art of computer 
and network security, as evidenced by Haverstock which discloses a web-based server 
utilizing a role-based security system, stating "The system also provides role-based, 
multi-level security module 40 for controlling access to objects within the system. The 
system enables an authorized individual to assign users a defined role. Each role may 
have various privileges based on the priority level of the role. Priority levels may 
comprise a read only privilege, read and edit privileges, read public information only
privileges, etc." (see col. 5, lines 56 - 62). 

Furthermore, Chapman discloses the use of least privilege designations for 
network security purposes, stating "Basically, the principle of least privilege means that 
any object (user, administrator, program, system, whatever) should have only the 
privileges the object needs to perform its assigned tasks - and no more... In the Internet 
context, the examples are endless. Every user probably doesn't need to access every 
Internet service. Every user probably doesn't need to modify (or even read) every file on 
your system... Applying the principle of least privilege suggests that you should explore
ways to reduce the privileges required for various operations." (see p. 45). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to have modified Disclosed Prior Art, Rangan, Shea and Vittal by 
incorporating commonly known security measures, such as the least privilege principle, 
role-based security or access control lists, as disclosed by Haverstock and Chapman, to 
limit the portal server's actions on the institution server to a subset of the total actions 
that the user, him/herself, could employ on the institution server, as the portal server 
would be deemed a non-trusted third party and not the user, him/herself. 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to have modified Disclosed Prior Art, Shea, Rangan, Vittal,
Haverstock and Chapman to have limited the portal server, in the role of non-trusted 
third party, to access and retrieve user information, the least privilege required as an 
information portal, and not allowing the portal server to act or authorize transactions 
based upon that user information, as such activities would be outside its scope as an
information portal. 

Additionally, the concept of a special agent or an agent with a limited scope of 
authority, and the appointment of such an agent, is old and well known in the art of 
agency law and business management, as evidenced by Kyle (see pp. 50 - 51). It 
would have been obvious to one of ordinary skill in the art at the time the invention was 
made to have modified Disclosed Prior Art, Shea, Rangan, Vittal, Haverstock and
Chapman to have limited the portal server, in its appointed role as a special agent to the 
user, to the functions that were within the scope of its authority as the user's agent, 
such as permitting the portal server to access and retrieve user information, and not 
allowing the portal server to act or authorize transactions based upon that user 
information, as such activities would be outside its scope as a special agent. 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to have modified access privileges for the portal server to allow for 
any access privileges that the inventor desired, such as limited portal server access to 
certain account information and/or documents, and/or performance of certain actions. 
In re Kuhle, 526 F.2d 553, 555, 188 USPQ 7, 9 (CCPA 1975). 

Regarding Claims 26 - 29, Claims 26 - 29 recite similar limitations and/or would 
have been obvious based upon Claims 20 - 25 rejected above, and are therefore 
rejected using the same art and rationale as applied in the rejection of Claims 20 - 25. 

Regarding Claim 30, Disclosed Prior Art does not teach underlined claim 
limitation - a computer product program: 

■ wherein the program code is further operable to revoke authorization of
the portal to receive the user data.

Vittal discloses a computer product program: 

■ wherein the program code (program code "disabling the switch") is further 
operable to revoke authorization of the portal to receive the user data ("a 
desire to be excluded from... the aggregator"), (see abstract). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to have modified Disclosed Prior Art, Shea, Rangan, Vittal,
Haverstock, Chapman and Kyle to incorporate the ability to revoke authorization for a 
portal to access information, as disclosed by Vittal, as when an agency relationship is 
terminated and/or an entity's status as an appointed agent is revoked, to prevent further 
access to the dismissed agent to the user's information. 

Regarding Claims 31 - 35, Claims 31 - 35 recite similar limitations and/or would 
have been obvious based upon Claims 20 - 30 rejected above, and are therefore 
rejected using the same art and rationale as applied in the rejection of Claims 20 - 30. 
Differing claim limitations of Claim 32, such as batch processing, are old and well known 
in the art of information technology. It would have been obvious to one of ordinary skill 
in the art to have modified Disclosed Prior Art, Shea, Rangan, Vittal, Haverstock,
Chapman and Kyle by incorporating batch processing of information, 

Applicant's arguments with respect to pending claims have been considered but
are moot in view of the new ground(s) of rejection. 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jason M. Borlinghaus whose telephone number is (571)
272-6924. The examiner can normally be reached on 8:30am-5:00pm M-F.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, James Trammell can be reached on (571) 272-6712. The fax phone 
number for the organization where this application or proceeding is assigned is
571-273-8300.

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



Conclusion 